I. Basis of the report

1. With regard to the elements of the international application (Replacement sheets which have been furnished to
the receiving Office in response to an invitation under Article 14 are referred to in this report as originally filed
and are not annexed to this report since they do not contain amendments (Rules 70.16 and 70.17)):



Description, Pages 

1-13 as originally filed 
Claims, Numbers 

1-15 received on 24.09.2004 with letter of 21.09.2004
Drawings, Sheets 

1/6-6/6 as originally filed

2. With regard to the language, all the elements marked above were available or furnished to this Authority in the
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1 (b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under 
Rule 55.2 and/or 55.3).

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure 
in the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets: 
5. □ This report has been established as if (some of) the amendments had not been made, since they have

been considered to go beyond the disclosure as filed (Rule 70.2(c)). 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 

6. Additional observations, if necessary: 

V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

1. Statement 

Novelty (N) Yes: Claims 1-15 

No: Claims 

Inventive step (IS) Yes: Claims 1-15 

No: Claims 

Industrial applicability (IA) Yes: Claims 1-15 

No: Claims 

2. Citations and explanations 
see separate sheet 
SECTION V

1. Reference is made to the following documents:

D1: WO 01/22299 A (KEENE CATHERINE M ;UN RAYMOND (US); AGILE SOFTWARE (US); SADHURRE) 29 March 2001 (2001-03-29)
D2: US-A-5 414 852 (KRAMER PAUL H ET AL) 9 May 1995 (1995-05-09)
D3: US-A-5 864 871 (MCCARTHY MARY ELLEN ET AL) 26 January 1999 (1999-01-26)
D4: US 2003/061216 A1 (MOSES FRED) 27 March 2003 (2003-03-27)

The subject-matter of cl. 1, 8 and 14 differs from the disclosure of document D1,
which is regarded as being the closest prior art to the subject-matter of cl. 1, 8 and
14, essentially in that the information elements of the business entity definitions
each have permission elements associated therewith, and in the steps/means of
determining and of denying using these permission elements.

The subject-matter of claims 1, 8 and 14 is therefore new (Article 33(2) PCT).

The problem to be solved by the present invention may be regarded as providing 
access control to information elements of information rather than to the 
information only. 

The solution to this problem proposed in claims 1, 8 and 14 of the present
application is considered as involving an inventive step (Article 33(3) PCT) for the 
following reasons: 

Documents D2 and D3 mention neither the problem nor a solution thereto.

Though document D4 discloses controlling access to information elements 
(elements of an XML document) of an information (XML document) each of the 
elements having permission elements associated therewith, the disclosure lacks 
permission details associated with the information and, contrary to the invention, 
access control is done in the context of user authentication prior to receiving any 
user information access request. It is therefore considered that the teaching of
document D4 cannot be applied in an obvious way to the disclosure of
document D1.

Claims 2 - 7 and 9 - 13 are respectively dependent on claims 1 and 8 and as such
also meet the requirements of the PCT with respect to novelty and inventive step.

Cl. 15 contains all the features defined in cl. 1 and as such also meets the
requirements of the PCT with respect to novelty and inventive step.

2. Cl. 1 is based on original cl. 1 and 3. Cl. 2 - 6 are based on cl. 2, 4 - 6 and 7
respectively. Cl. 7 is based on the original description, p. 8, l. 34 - p. 9, l. 32. Cl. 8
is based on original cl. 8 and 10. Cl. 9 - 13 are based on original cl. 9, 11 - 13 and 
14 respectively. Cl. 14 is based on original cl. 15 and original cl. 3. Cl. 15 is based 
on original cl. 16. 

3. The claimed method, registry, registry service and computer program product are 
industrially applicable. 
CLAIMS

1. A method for a registry of business entity definitions to handle user 
requests to access business entity definitions, the method comprising 
steps of: 

receiving a request from a user to access a business entity 
definition; 

obtaining, from data associated with the request, the identity of 
the user; 

determining, from permission details associated with the business 
entity definition and the identity of the user, whether the user has
permission to access information in the business entity definition; and 

denying the user access to information in the business entity 
definition if it is determined that the user does not have permission; 

wherein the information in the business entity definition comprises 
a plurality of information elements each having permission details 
associated therewith; the step of determining determines from permission 
details associated with each information element whether the user has 
permission to access that information element; and the step of denying 
denies the user access to those information elements for which it is 
determined that the user does not have permission. 

2. The method of claim 1 wherein the request specifies a search criteria,
and the method comprises the further step of:

using the search criteria to locate the business entity definition 
and to determine what information in the business entity definition the 
user wishes to access, and then determining whether the user has 
permission to access the information that the user wishes to access. 

3. The method of claim 1 or claim 2, wherein the determining step further 
determines whether a user has permission to access an information element 
from an access policy and permission details associated with a different 
information element. 

4. The method of claim 3 wherein the information elements are in a 
hierarchy and the determining step determines that a user does not have 
permission to access a first information element if permission details
associated with one or more second information elements directly beneath 
the first information element in the hierarchy indicate that user does not 
have access to one or more of the second information elements. 

5. The method of any one of the preceding claims, comprising the further
step of: 

locating the permission details in a file system in which the 
permission details are in a location in the file system which is defined 
according to the information element with which they are associated. 

6. The method of any one of the preceding claims, wherein the registry is 
a UDDI registry and the information in the business entity definition is a 
business entity information element, the business entity information 
element containing one or more business service entity information 
elements, each business service entity containing one or more binding 
template information elements and each binding template containing one or 
more references each referring to a technical model information element.

7. The method of claim 1 wherein a first information element is 
contained by a first container information element and contains a 
reference to a second information element that is not contained by the 
first container information element, and wherein the step of determining 
whether the user has permission to access the second information element 
is performed from permission details associated with the first container 
information element and permission details associated with the second 
information element. 

8. A registry of business entity definitions for handling requests to 
access business entity definitions, the registry comprising: 

means for receiving a request from a user to access a business 
entity definition; 

means for obtaining, from data associated with the request, the
identity of the user; 

means for determining, from permission details associated with the 
business entity definition and the identity of the user, whether the user 
has permission to access information in the business entity definition; 
and 

means for denying the user access to information in the business 
entity definition if it is determined that the user does not have 
permission; 

wherein the information in the business entity definition comprises 
a plurality of information elements each having permission details 
associated therewith; and wherein the means for determining determines 
from permission details associated with each information element whether 
the user has permission to access that information element; and wherein 
the means for denying denies the user access to those information elements
for which it is determined that the user does not have permission. 

9. The registry of claim 8 wherein the request specifies a search 
criteria, and the registry further comprises: 

means for using the search criteria to locate the business entity 
definition and to determine what information in the business entity 
definition the user wishes to access. 

10. The registry of claim 8 or claim 9, wherein the determining means 
further determines whether a user has permission to access an information 
element from an access policy and permission details associated with a 
different information element. 

11. The registry of claim 10 wherein the information elements are in a 
hierarchy and the access policy specifies that a user does not have 
permission to access a first information element if permission details 
associated with one or more second information elements directly beneath 
the first information element in the hierarchy indicate that user does not 
have access to one or more of the second information elements. 

12. The registry of any one of claims 8 to 11, further comprising: 

means for locating the permission details in a file system in which 
the permission details are in a location in the file system which is 
defined according to the information element with which they are 
associated. 

13. The registry of any one of claims 8 to 12, wherein the registry is a 
UDDI registry and the information in the business entity definition is a 
business entity information element, the business entity information 
element containing one or more business service entity information 
elements, each business service entity containing one or more binding 
template information elements and each binding template containing one or 
more references each referring to a technical model information element. 

14. A registry service for handling user requests to access business 
entity definitions, providing the service comprising the steps of:

receiving a request from a user to access a business entity
definition;

obtaining, from data associated with the request, the identity of
the user;

determining, from permission details associated with the business
entity definition and the identity of the user, whether the user has 
permission to access information in the business entity definition; and 

denying the user access to information in the business entity 
definition if it is determined that the user does not have permission; 

wherein the information in the business entity definition comprises 
a plurality of information elements and at least one of the plurality has 
permission details associated therewith; the step of determining 
determines from permission details associated with a respective 
information element whether the user has permission to access that 
information element; and the step of denying denies the user access to 
those information elements for which it is determined that the user does 
not have permission. 

15. A computer program product comprising instructions which, when run on 
a data processing host, cause said data processing host to carry out a 
method according to any one of claims 1 to 7. 
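
The per-element determination and denial of claims 1 and 4, applied to the entity/service/binding hierarchy of claim 6, as an added illustration that is not part of the application or the examination report. The data model, the reader-set form of the permission details, and all element keys and user names are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Element:
    """One information element of a business entity definition (hypothetical model)."""
    key: str
    kind: str               # businessEntity / businessService / bindingTemplate
    readers: frozenset      # permission details: identities allowed to read
    children: list = field(default_factory=list)

def may_read(elem, user):
    """Claim 1: decide from the element's own permission details (fails closed)."""
    return user in elem.readers

def may_read_strict(elem, user):
    """Claim 4 policy: also deny if any element directly beneath is denied."""
    return may_read(elem, user) and all(may_read(c, user) for c in elem.children)

def filter_view(elem, user, policy=may_read):
    """Return the subtree the user may access, or None if this element is denied.
    Denied children are omitted; the rest of the definition is still served."""
    if not policy(elem, user):
        return None
    kids = [v for c in elem.children if (v := filter_view(c, user, policy))]
    return {"key": elem.key, "kind": elem.kind, "children": kids}

def visible_keys(view):
    """Flatten a filtered view into the list of element keys it exposes."""
    if view is None:
        return []
    return [view["key"]] + [k for c in view["children"] for k in visible_keys(c)]

# Constructed sample registry entry: bob lacks access to one binding and one service.
BOTH, ALICE = frozenset({"alice", "bob"}), frozenset({"alice"})
ACME = Element("acme", "businessEntity", BOTH, [
    Element("orders", "businessService", BOTH, [
        Element("orders-https", "bindingTemplate", ALICE),
    ]),
    Element("payroll", "businessService", ALICE),
])

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, visible_keys(filter_view(ACME, user)),
              visible_keys(filter_view(ACME, user, may_read_strict)))
```

Under the default policy a partially authorised user receives a pruned definition; under the claim 4 policy the same user is denied the parent element outright because an element directly beneath it is restricted.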